I've got all my sites-enabled vhosts in separate confs for all my hosts, both 443 and 80, ssl-sites enabled in separate files too.
I'm trying to renew and when I run certbot --update I am greeted with the following nonsense (a single s where my hostname should be, so selecting it obviously results in an undesirable error and failure to properly obtain or generate a certificate). Keep in mind I actually need new certs, and I have already purged certbot and reinstalled fresh.
Which names would you like to activate HTTPS for?
1: s
This is on apache2 with Debian 8 jessie
{
"type": "urn:acme:error:malformed",
"detail": "Error creating new authz :: DNS name does not have enough labels",
"status": 400
}
I need to get that "s" outta there and get my domain name where it's supposed to be, I have no idea where this is stored, or how to clear it, or how to correct it.
Is this simply a matter of certbot trying to generate a cert based on the default vhost of /var/www/ in the apache.conf ?
I don't think that it should considering all of my hosts are properly placed in the /etc/apache2/sites-enabled folder.
Any help moving forward to get this secured is greatly appreciated.
Apache isn't starting because there are no ssl certificates...a problem which would be easily resolved, if I can get some certs...
Jun 19 14:57:49 squidblacklist.org systemd[1]: Failed to start LSB: Apache2 web server.
Jun 19 14:57:49 squidblacklist.org systemd[1]: Unit apache2.service entered failed state.
Jun 19 14:57:49 squidblacklist.org apache2[1296]: AH00526: Syntax error on line 29 of /etc/apache2/sites-enabled/default-ssl.conf:
Jun 19 14:57:49 squidblacklist.org apache2[1296]: SSLCertificateFile: file '/etc/letsencrypt/live/squidblacklist.org/fullchain.pem' does not exist or is empty
Or uncommented if you like
AH00016: Configuration Failed
[Tue Jun 19 15:00:15.383301 2018] [ssl:emerg] [pid 1514] AH02572: Failed to configure at least one certificate and key for s:443
[Tue Jun 19 15:00:15.383385 2018] [ssl:emerg] [pid 1514] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Jun 19 15:00:15.383391 2018] [ssl:emerg] [pid 1514] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
Your domain (www version) hasn't had a certificate for more than half a year now.
(The latest LE certificate I could see for this domain is from July 7, 2017 crt.sh | www.squidblacklist.org)
Also, it seems that sudo certbot --update is using vHosts pulled directly from apache..
So you might want to take a look at your vHost config... (You might set the wrong server_name in that vHost)
In this case.. try this command: sudo certbot --apache -d squidblacklist.org -d www.squidblacklist.org
(This will try to obtain a certificate & install it) (However I'm afraid it would show as couldn't be installed due to no match in vHost)
P.S.
If the above command doesn't work, try sudo certbot certonly -d squidblacklist.org -d www.squidblacklist.org (This will obtain a certificate but not install it, so you would need to config the SSLcertificate path manually)
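An added example, not part of the original posts: one way to find where a stray name like "s" enters the list certbot offers, assuming it comes from a ServerName or ServerAlias directive inside a vhost. The sample config and the function names are constructed for illustration; on a real host you would read the files under /etc/apache2/sites-enabled instead.

```python
import re

# Constructed sample (assumes the stray name sits in a ServerName/ServerAlias
# directive); this is not the poster's real configuration.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName s
</VirtualHost>
<VirtualHost *:80>
    # ServerName commented.example.org
    ServerName example.org
    ServerAlias www.example.org s
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
NAME_DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(.+?)\s*$", re.I)


def vhost_names(conf_text):
    """Yield (line_no, vhost_addr, directive, name) for each name in a vhost."""
    addr = None
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are ignored by Apache
        m = VHOST_OPEN.match(line)
        if m:
            addr = m.group(1).strip()
        if line.strip().lower() == "</virtualhost>":
            addr = None
        m = NAME_DIRECTIVE.match(line)
        if m and addr is not None:
            for name in m.group(2).split():  # ServerAlias may list several
                yield line_no, addr, m.group(1), name


def too_few_labels(name):
    """True when a name has fewer than two dot-separated labels (scheme/port stripped)."""
    host = re.sub(r"^[a-z]+://", "", name, flags=re.I).split(":")[0]
    labels = [label for label in host.rstrip(".").split(".") if label]
    return len(labels) < 2


def suspicious_names(conf_text):
    return [hit for hit in vhost_names(conf_text) if too_few_labels(hit[3])]


if __name__ == "__main__":
    for line_no, addr, directive, name in suspicious_names(SAMPLE_CONF):
        print(f"line {line_no}: <VirtualHost {addr}> {directive} {name!r}")
```

Any name it reports would be rejected by the CA with the "does not have enough labels" error shown earlier in the thread, so those directives are the ones to correct before re-running certbot.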
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
And voila, everything SEEMS to be working now. BUT IT ISNT...
Now this is the problem...
Browsers are reporting to me that the ssl certificates have some kind of a problem and refuse to load the pages.. FAIL
Can't connect securely to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website's owner.
Try this:
Go back to the last page
Site's up, but only thanks to Cloudflare's flexible ssl solution, the problem remains unsolved behind the WAF ladies and gentlemen.